Enemy at the gate

Sometimes it takes bold measures to solve a problem, or potential problem.

After confiding with Microsoft New Zealand’s chief technology officer Brett Roberts late last year that all was not right with my personal computer (a trojan had steadfastly refused eviction), I resolved to wipe the slate clean and start again, with a completely updated operating system and security suite.

Now I can honestly say that, despite a little short-term inconvenience, the update was worth it for peace of mind and the vastly improved system performance.

Just as I was ignorant of the need to keep my defences up to date – unfortunately many business owners are equally as oblivious to their system vulnerabilities.

As Roberts points out – many businesses still don’t understand security from a business risk perspective.

"The key driver is to think in terms of "defence in depth" – there are multiple layers of security to consider and they’re not all technological," he says. "Mitigating IT risk involves the three-legged stool of: technology, policies and people. Train your people on exactly what business you’re in and why security is so important. Put policies in place that determine who can access what, and strictly govern the downloading of files."

It’s also important to determine who’s responsible for IT security in your organisation – no matter what size company it is.

"Everyone knows who does the GST accounts in your business, but if staff don’t know who’s in charge of IT security, then you really do have a problem."

Roberts says businesses are more vulnerable to attack than ever before, particularly from blended threats, which have been linked by security experts to the almost inevitable Zero Day attacks. (Zero Day attacks will occur when it becomes possible for an exploit to be created and released immediately after a vulnerability is discovered, leaving no time for computer administrators or users to respond.)

He says businesses must be proactive. "Think about the bigger picture and be prepared for the unexpected." If you’re unsure just where to begin, Roberts lists the very latest Windows updates, firewalls, anti-spyware and anti-virus programs as an absolute must. He also recommends the services of a good IT partner, rather than relying on your well-intentioned mate to sort things out.

A good website for gleaning information on security issues and accessing the latest tools is www.protectmypc.co.nz . If you’re unsure which patches and updates your home computer requires, Roberts recommends http://update.microsoft.com. And if you haven’t bothered to download Service Pack Two for Windows, he says your computer is ten to 12 times more vulnerable to attack.

"Doing nothing is a bad option when it comes to IT security," advises Roberts. "You need to do what it takes to prevent malicious attacks from occurring."

Roberts also urges business owners to consider the wider picture when it comes to mitigating risk. How much of their business’s value is tied up in intellectual property? Do you have a disaster recovery plan for when Mother Nature cuts loose? What back-up is there if your customer database was suddenly trashed or stolen? Can your top salesperson walk out the door with last year’s database of quotes? How secure is your wireless network? These questions must all be addressed, and as a matter of urgency.

The old adage of "prevention is better than cure" certainly still applies, particularly when it comes to the security of business systems. So be bold, take action, and never let your defences down.